The classic perimeter cybersecurity strategy which has been employed for decades has limited value against well-resourced adversaries and is an ineffective approach to address insider threats. No longer can security operations teams build a wall around networks and think everything inside is safe. Every system, server, endpoint, and the data that resides on them or moves within and outside of DoD networks must be secured consistent with the new executive order on Improving the Nation's Cybersecurity, The Department of Defense is adopting a Zero Trust strategy based on three foundational guidelines: “Never trust, always verify; assume breach; and verify explicitly.” Zero Trust requires strong identity and access management and continuous monitoring for all resources, to limit impacts of breaches from external and insider threats. Additionally, Risk Management can no longer be based on a static check list approach for compliance. It needs to employ continuous monitoring of the cyber hygiene of the environment and be able to dynamically adjust to changing cyber threats. 

In this General Session, DoD experts will offer insights on how their new cybersecurity and risk management approaches will help create “a more secure, coordinated, seamless, transparent, and cost-effective IT architecture that transforms data into actionable information” and protects against persistent cyber threats.
 

The SolarWinds breach put the spotlight on supply chain risks and security. Although the DoD was not breached, 37 defense industrial base companies were hit by the sweeping SolarWinds supply chain hack attributed to the Russian government. The DoD has been aware of counterfeit equipment and supply risks for decades. The development of DoD’s Cybersecurity Maturity Model Certification (CMMC) is a critical component for strengthening the security posture of contractors and federal agencies as the threat environment rapidly evolves. However, security requirements and controls are so vast, they span across many areas in the IT and cybersecurity world.

In this breakout session, defense and government security experts will provide insights into best practices, solutions and technology that will strengthen supply chain defenses.
 

The Joint Warfighter Cloud Capability (JWCC) means DoD now has a multi-cloud/multi-vendor strategy. Initiatives like JADC2 and Artificial Intelligence and Data Acceleration (ADA), the evolution of the cloud ecosystem within DoD, and changes in user requirements to leverage multiple cloud environments to execute mission have driven the DoD to this juncture. By using different cloud providers defense agencies can match the right workload with the right cloud platform based on their unique requirements for performance, data location, scalability, and compliance. However, multi-cloud environments add more complexity to defense networks, expanding the attack surface hackers can target and exploit. Visibility across all infrastructures, whether on-premises or in cloud environments, is critical for cyber defenses to be effective.

In this breakout session, defense information technology and security experts will examine the policies, processes and technology that defense agencies need to protect information in a multi-cloud environment.
 

Cyber operations, cybersecurity, and information operations are increasingly important to the Joint Force as adversaries heavily invest in cyberspace operations and capabilities. The Defense Department does not only have to protect data, information systems, and networks from cyberattacks, but weapon systems, as well. The DoD’s U.S. Cyber Command has taken a comprehensive and proactive approach, known as Defend Forward. That involves the ability to respond to cyber and other threats before they reach the homeland. Defend Forward includes understanding what adversaries are trying to do and what the threat looks like before their attack. This requires working closely with allies and partners as well as teamwork between the NSA, the FBI, Department of Homeland Security, and other commands. DoD has the tools and expertise to conduct defensive and offensive cyber operations. 

In this breakout session, DoD decision-makers and cyber experts will examine the policies, methods, and technology the DoD must put in place to not only keep pace with adversaries but stay a step or two ahead of them.